Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 26 April 2007. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-13 and 59 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 1, 2, 5, 6 and 59 is/are rejected. 

7) [X] Claim(s) 3, 4, 7-13 is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [X] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a) [X] All b) [ ] Some * c) [ ] None of: 

1. [X] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. . 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

1) [X] Notice of References Cited (PTO-892) 

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) [X] Information Disclosure Statement(s) (PTO/SB/08) 
Paper No(s)/Mail Date 11/19/03, 10/7/05. 

4) [ ] Interview Summary (PTO-413) 
Paper No(s)/Mail Date. . 

5) [ ] Notice of Informal Patent Application 

6) [ ] Other: . 

DETAILED ACTION 

Information Disclosure Statement 

The information disclosure statement filed 11/19/03, and 10/07/05 fails to comply 
with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 because there is no 
English translation. It has been placed in the application file, but the information 
referred to therein has not been considered as to the merits. Applicant is advised 
that the date of any re-submission of any item of information contained in this 
information disclosure statement or the submission of any missing element(s) will 
be the date of submission for purposes of determining compliance with the 
requirements based on the time of filing the statement, including all certification 
requirements for statements under 37 CFR 1.97(e). See MPEP § 609.05(a). 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 59 recites the limitation "the attack detector" in line 16. There is 
insufficient antecedent basis for this limitation in the claim. The examiner 
suggests inserting a paragraph along the lines of claim 1 stating "an attack 
detector for detecting presence or absence...". 



Application/Control Number: 10/643,864 
Art Unit: 2134 






Claim Rejections - 35 USC § 103 


The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1 and 59 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lachman III US 2002/0166063 in view of Sheymov US 
7,010,698. 

As per claims 1 and 59, Lachman teaches an attack defending system provided at 
an interface between an internal network (host network) and an external network 
(internet), comprising a decoy device and a firewall device (Uplink Router), 
wherein the firewall device inputs an input IP packet from the external network 
and forwards it to one of the decoy device (Host router) and the internal network 
(Host Server, ANT Surveillance System), 

the firewall device comprises: a packet filter for determining whether the input IP 
packet inputted from the external network is to be accepted, based on header 
information of the input IP packet (filter with source address of packet) [0125] 
and a filtering condition corresponding to the input IP packet; a destination 
selector for selecting one of the internal network (Host Server) and the decoy 
device as a destination of the input IP packet accepted by the packet filter, based 
on the header information of the input IP packet and a distribution condition; and 
a filtering condition manager for managing the filtering condition depending on 
whether the attack detector detects an attack based on the input IP packet 
forwarded to the decoy device (Updates ACL based on attack detection). 
Lachman III fails to teach a decoy device that comprises an attack detector. 

Sheymov teaches wherein the decoy device comprises: an attack detector for 
detecting presence or absence of an attack by executing a service process for the 
input IP packet transferred from the firewall device, (Dynamic Decoy Device with 
Sensor Module to detect attacks) (Col 8 lines 4-8). 

It would have been obvious to one of ordinary skill in the art to use the attack 
detection decoy of Sheymov with the system of Lachman III because it removes 
the need for additional attack detection devices thus lowering cost. 

As per claim 2 Lachman III teaches attack defending system according to claim 1, 
wherein the header information of an input IP packet includes at least one of a 
source IP address and a destination IP address thereof (It is well known TCP/IP 
packets contain source and destination IP addresses in the header), wherein the 
destination selector selects a destination of the input IP packet depending on 
whether the header information of the input IP packet satisfies the distribution 
condition (based on an access control list of source and IP addresses) [0125], 
[0133], [0135]. 

As per claim 5, Lachman III teaches the attack defending system according to 
claim 1, wherein the firewall device further comprises: a distribution condition 
updating section for updating the distribution condition depending on whether the 
attack detector detects an attack based on the input IP packet transferred to the 
decoy device (Offensive Countermeasure Server updates router) [0076], [0116]. 

As per claim 6, Lachman III teaches the attack defending system according to 
claim 1, wherein the filtering condition manager stores the filtering condition with 
a limited validity period, (specified time) [0125] which corresponds to the header 
information of the input IP packet (access control list) forwarded to the decoy 
device, wherein, when the limited validity period has elapsed, a default filtering 
condition is returned to the packet filter. 
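
The arrangement recited in claims 1, 2, 5 and 6 above (packet filter, destination selector, decoy-side attack detector, and a filtering condition with a limited validity period) can be modelled as follows. This is an added illustration, not part of the Office action or of the Lachman III or Sheymov references; the class and function names, the 60-second validity period, the "../" detection rule and the promote-on-clean-packet policy are assumptions, and all addresses are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str       # source IP address (header information)
    dst: str       # destination IP address (header information)
    payload: str


def decoy_detects_attack(pkt):
    """Decoy-side attack detector: run the (simulated) service on the packet.
    Constructed rule (assumption): the request tries to leave the doc root."""
    return "../" in pkt.payload


@dataclass
class Firewall:
    trusted: set                 # distribution condition: sources sent inside
    validity: float = 60.0       # assumed validity period of a deny rule (s)
    deny_until: dict = field(default_factory=dict)  # filtering condition

    def accepts(self, pkt, now):
        """Packet filter: drop while a deny rule for this source is valid."""
        expiry = self.deny_until.get(pkt.src)
        if expiry is not None and now >= expiry:
            # Validity period elapsed: the default condition (accept) returns.
            del self.deny_until[pkt.src]
            expiry = None
        return expiry is None

    def select(self, pkt):
        """Destination selector: trusted sources go inside, others to decoy."""
        return "internal" if pkt.src in self.trusted else "decoy"

    def handle(self, pkt, now):
        if not self.accepts(pkt, now):
            return "dropped"
        dest = self.select(pkt)
        if dest == "decoy":
            if decoy_detects_attack(pkt):
                # Filtering condition manager: time-limited deny for the source.
                self.deny_until[pkt.src] = now + self.validity
                self.trusted.discard(pkt.src)
            else:
                # Distribution condition update (assumed policy): promote source.
                self.trusted.add(pkt.src)
        return dest
```
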

Allowable Subject Matter 

Claims 3, 4, and 7-13 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher J. Brown whose telephone number is 
(571)272-3833. The examiner can normally be reached on 8:30-6:00. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone 
number for the organization where this application or proceeding is assigned is 
571-273-8300. Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval (PAIR) system. 
Status information for published applications may be obtained from either Private 
PAIR or Public PAIR. Status information for unpublished applications is 
available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to 
the Private PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer 
Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Christopher J. Brown 7/23/07 




